PMA_securePath
@@ -7,6 +7,9 @@ $Source$
|
|||||||
|
|
||||||
2004-06-15 Marc Delisle <lem9@users.sourceforge.net>
|
2004-06-15 Marc Delisle <lem9@users.sourceforge.net>
|
||||||
* queryframe.php: undefined $cfgRelation, thanks to Michael Keck (mkkeck)
|
* queryframe.php: undefined $cfgRelation, thanks to Michael Keck (mkkeck)
|
||||||
|
* export.php, sql.php, db_details_importdocsql.php, ldi_check.php,
|
||||||
|
tbl_replace.php, libraries/common.lib.php,
|
||||||
|
libraries/transformations.lib.php: new function PMA_securePATH()
|
||||||
|
|
||||||
2004-06-15 Michal Čihař <michal@cihar.com>
|
2004-06-15 Michal Čihař <michal@cihar.com>
|
||||||
* lang/czech: Updated.
|
* lang/czech: Updated.
|
||||||
|
@@ -201,7 +201,7 @@ if (isset($cfg['docSQLDir']) && !empty($cfg['docSQLDir'])) {
|
|||||||
} else {
|
} else {
|
||||||
|
|
||||||
// echo '<h1>Starting Import</h1>';
|
// echo '<h1>Starting Import</h1>';
|
||||||
$docpath = $cfg['docSQLDir'] . preg_replace('@\.\.*@', '.', $docpath);
|
$docpath = $cfg['docSQLDir'] . PMA_securePath($docpath);
|
||||||
if (substr($docpath, -1) != '/') {
|
if (substr($docpath, -1) != '/') {
|
||||||
$docpath .= '/';
|
$docpath .= '/';
|
||||||
}
|
}
|
||||||
|
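Review bot: `$docpath = $cfg['docSQLDir'] . PMA_securePath($docpath);` leaves containment of the result inside `docSQLDir` entirely to a helper whose body is not in this commit's hunks, and the expression it replaces only collapsed runs of dots, which does not canonicalize the path. An explicit check after the concatenation would make the intent verifiable, e.g. `$base = realpath($cfg['docSQLDir']); $real = realpath($docpath);` followed by `if ($base === false || $real === false || strpos($real, $base) !== 0) { /* reject $docpath */ }`. The same reliance appears with `$local_textfile` in the hunk at `@@ -48` and with `$filename` in `PMA_sanitizeTransformationFile` at `@@ -186`. The enclosing `else` branch begins outside the hunk.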
@@ -48,7 +48,7 @@ if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
|
|||||||
if (substr($cfg['UploadDir'], -1) != '/') {
|
if (substr($cfg['UploadDir'], -1) != '/') {
|
||||||
$cfg['UploadDir'] .= '/';
|
$cfg['UploadDir'] .= '/';
|
||||||
}
|
}
|
||||||
$textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . preg_replace('@\.\.*@', '.', $local_textfile);
|
$textfile = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . preg_replace('@^./@s', '', $cfg['UploadDir']) . PMA_securePath($local_textfile);
|
||||||
if (file_exists($textfile)) {
|
if (file_exists($textfile)) {
|
||||||
$open_basedir = @ini_get('open_basedir');
|
$open_basedir = @ini_get('open_basedir');
|
||||||
|
|
||||||
|
@@ -186,7 +186,7 @@ function PMA_setMIME($db, $table, $key, $mimetype, $transformation, $transformat
|
|||||||
function PMA_sanitizeTransformationFile(&$filename) {
|
function PMA_sanitizeTransformationFile(&$filename) {
|
||||||
// garvin: for security, never allow to break out from transformations directory
|
// garvin: for security, never allow to break out from transformations directory
|
||||||
|
|
||||||
$include_file = preg_replace('@\.\.*@', '.', $filename);
|
$include_file = PMA_securePath($filename);
|
||||||
|
|
||||||
// This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
|
// This value can also contain a 'php3' value, in which case we map this filename to our new 'php' variant
|
||||||
$testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file);
|
$testfile = preg_replace('@\.inc\.php3$@', '.inc.php', $include_file);
|
||||||
|
4
sql.php
4
sql.php
@@ -165,7 +165,7 @@ if (isset($btnDrop) && $btnDrop == $strNo) {
|
|||||||
unset($table);
|
unset($table);
|
||||||
}
|
}
|
||||||
$active_page = $goto;
|
$active_page = $goto;
|
||||||
require('./' . preg_replace('@\.\.*@', '.', $goto));
|
require('./' . PMA_securePath($goto));
|
||||||
} else {
|
} else {
|
||||||
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto));
|
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . str_replace('&', '&', $goto));
|
||||||
}
|
}
|
||||||
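Review bot: `require('./' . PMA_securePath($goto));` lets the value of `$goto` choose which script is loaded, and collapsing dots (what the replaced expression did; the helper's body is not shown here) only blocks parent-directory steps, not the choice of any other file reachable under `./`. Validating `$goto` against the known target scripts before the include is the robust form, e.g. `if (!in_array($goto, array(/* placeholder: known target scripts */))) { /* fall back to a fixed default script */ }`. The hunk at `@@ -580` follows the same call with a "Checks for a valid target script" comment, so a comparable check may already exist there; if it does, applying it before this `require` would be enough. The same `require` appears in the hunks at `@@ -183` and `@@ -235`. The enclosing `if ... else` starts outside the hunk.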
@@ -580,7 +580,7 @@ else {
|
|||||||
$message .= ' ' . (isset($GLOBALS['querytime']) ? '(' . sprintf($strQueryTime, $GLOBALS['querytime']) . ')' : '');
|
$message .= ' ' . (isset($GLOBALS['querytime']) ? '(' . sprintf($strQueryTime, $GLOBALS['querytime']) . ')' : '');
|
||||||
|
|
||||||
if ($is_gotofile) {
|
if ($is_gotofile) {
|
||||||
$goto = preg_replace('@\.\.*@', '.', $goto);
|
$goto = PMA_securePath($goto);
|
||||||
// Checks for a valid target script
|
// Checks for a valid target script
|
||||||
if (isset($table) && $table == '') {
|
if (isset($table) && $table == '') {
|
||||||
unset($table);
|
unset($table);
|
||||||
|
@@ -183,7 +183,7 @@ if (empty($valuelist) && empty($query)) {
|
|||||||
if ($is_gotofile) {
|
if ($is_gotofile) {
|
||||||
$js_to_run = 'functions.js';
|
$js_to_run = 'functions.js';
|
||||||
require_once('./header.inc.php');
|
require_once('./header.inc.php');
|
||||||
require('./' . preg_replace('@\.\.*@', '.', $goto));
|
require('./' . PMA_securePath($goto));
|
||||||
} else {
|
} else {
|
||||||
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
|
PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto . '&disp_message=' . urlencode($message) . '&disp_query=');
|
||||||
|
|
||||||
@@ -235,7 +235,7 @@ if ($is_gotofile) {
|
|||||||
$js_to_run = 'functions.js';
|
$js_to_run = 'functions.js';
|
||||||
$active_page = $goto;
|
$active_page = $goto;
|
||||||
require_once('./header.inc.php');
|
require_once('./header.inc.php');
|
||||||
require('./' . preg_replace('@\.\.*@', '.', $goto));
|
require('./' . PMA_securePath($goto));
|
||||||
} else {
|
} else {
|
||||||
// I don't understand this one:
|
// I don't understand this one:
|
||||||
//$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
|
//$add_query = (strpos(' ' . $goto, 'tbl_change') ? '&disp_query=' . urlencode($sql_query) : '');
|
||||||
|